# SQL

In this guide we'll go over the basic ways to create a Q&A chain and agent over a SQL database.
These systems will allow us to ask a question about the data in a SQL database and get back a natural language answer.
The main difference between the two is that our agent can query the database in a loop as many time as it needs to answer the question.

## ⚠️ Security note ⚠️

Building Q&A systems of SQL databases can require executing model-generated SQL queries. There are inherent risks in doing this.
Make sure that your database connection permissions are always scoped as narrowly as possible for your chain/agent's needs.
This will mitigate though not eliminate the risks of building a model-driven system. For more on general security best practices, see [here](/docs/security).

## Architecture

At a high-level, the steps of most SQL chain and agent are:

1. **Convert question to SQL query**: Model converts user input to a SQL query.
2. **Execute SQL query**: Execute the SQL query
3. **Answer the question**: Model responds to user input using the query results.

![SQL Use Case Diagram](/img/sql_usecase.png)

## Quickstart

Head to the [Quickstart](/docs/use_cases/sql/quickstart) to get started.

## Advanced

Once you've familiarized yourself with the basics, you can head to the advanced guides:

- [Agents](/docs/use_cases/sql/agents): Building agents that can interact with SQL DBs.
- [Prompting strategies](/docs/use_cases/sql/prompting): Strategies for improving SQL query generation.
- [Query validation](/docs/use_cases/sql/query_checking): How to validate SQL queries.
- [Large databases](/docs/use_cases/sql/large_db): How to interact with DBs with many tables and high-cardinality columns.
